Global Law Enforcement Agencies Dismantle Cybercrime Services Cracked and Nulled


On January 9, 2024, international law enforcement agencies announced the disruption and dismantling of the cybercrime marketplaces Cracked and Nulled as part of Operation Talent, a coordinated effort involving the US Department of Justice, Europol, and agencies from Australia, France, Germany, Greece, Italy, Romania, and Spain.

These platforms, which had operated for years, facilitated the illegal sale of stolen login credentials, cracked software, hacking tools, and financial data, attracting millions of cybercriminals worldwide. Cracked alone had over four million registered users, making it one of the largest illicit marketplaces for cybercrime-related goods. Law enforcement agencies focused on targeting not only the platforms themselves but also the underlying infrastructure, administrators, and financial networks that kept them operational.

“German law enforcement and our partners will continue to work to protect people against cybercrime actors,” Jana Ringwald, Senior Cybercrime Prosecutor in the Prosecutor General’s Office of Frankfurt, Germany, told TRM. “This investigation is an example of how law enforcement around the world can collaborate; German, US, and Europol authorities played major roles in the takedown but the takedown may not have been possible without the help of Italian authorities and contributions from Spain, Greece, and Romania as well.”

Law enforcement seized multiple domains linked to Cracked and Nulled, effectively cutting off access to the marketplaces. These domains hosted massive amounts of stolen data and illicit hacking tools, making them key nodes in the global cybercriminal ecosystem. Law enforcement used court orders and international warrants to force hosting providers to take down these sites, preventing cybercriminals from continuing their activities. 

Some of the seized servers contained detailed transaction histories, user records, and encrypted communication logs, providing authorities with critical evidence for ongoing investigations. The operation also included physical searches and digital forensics investigations to secure additional intelligence on the marketplaces’ administrators and their financial operations.

Cracked and Nulled operated similarly to other cybercrime services, which run through underground networks and forums and offer illicit tools and expertise to paying customers, often through a Cybercrime-as-a-Service (CaaS) model. These services enable even low-skilled individuals to launch sophisticated cyberattacks.

These services are marketed on cybercrime forums, darknet marketplaces, and encrypted messaging apps like Telegram and Discord, with transactions primarily conducted in cryptocurrency. Unlike darknet markets, which focus on selling physical and digital goods, cybercrime services provide attack capabilities and fraud tools, often on a subscription basis or via profit-sharing agreements. Law enforcement agencies, including the FBI and Europol, are increasingly targeting these operations through undercover infiltration, blockchain analysis, and infrastructure seizures, but the cybercrime economy continues to evolve, with criminals adapting by decentralizing operations and shifting to harder-to-trace technologies.

One of the most significant recent takedowns in the cybercrime ecosystem was the FBI-led operation against Qakbot, a sophisticated botnet that had been active since 2008 and used by multiple ransomware groups, including Conti, ProLock, and REvil. Qakbot infected hundreds of thousands of computers worldwide, acting as an initial access broker that provided cybercriminals with a foothold in compromised networks, enabling further ransomware deployments and financial fraud. 

In August 2023, law enforcement agencies from the U.S. and international partners successfully infiltrated Qakbot’s infrastructure, redirecting malware-infected computers to FBI-controlled servers and effectively dismantling the botnet. As part of the operation, authorities seized approximately USD 8.6 million in illicit cryptocurrency proceeds, disrupting the financial operations of cybercriminal groups reliant on Qakbot’s services. This takedown demonstrated the increasing effectiveness of combining traditional law enforcement techniques with blockchain intelligence and digital forensics, showing that even the most entrenched cybercrime networks are vulnerable to coordinated global enforcement efforts.

For more, read TRM’s in-depth case study with the FBI on the Qakbot takedown.

In addition to infrastructure takedowns, law enforcement targeted the financial networks that sustained Cracked and Nulled, freezing illicit funds and tracing transactions through both traditional banking systems and cryptocurrency channels. Investigators used blockchain intelligence tools to follow the flow of digital assets, identifying wallets where cybercriminals stored proceeds from illicit transactions. Authorities also worked with payment processors and financial institutions to seize funds and block future transactions linked to these marketplaces. This strategy effectively crippled Cracked and Nulled’s ability to operate, ensuring that even if the sites were relocated, they would lack the financial resources to rebuild. Europol and its partners simultaneously conducted arrests, interrogations, and forensic analyses to identify and apprehend key figures involved in running the platforms.

Customers from all over the world used traditional VASPs to make purchases from Cracked and Nulled

TRM’s latest Crypto Crime Report highlights that while the overall percentage of illicit crypto volume remains below 1% of total transactions, darknet marketplaces, ransomware actors, and cybercriminal syndicates continue to evolve. The increasing use of privacy coins like Monero and the adoption of cross-chain laundering techniques present new challenges for investigators. The seizure of Cracked and Nulled marks a significant victory in the ongoing fight against cyber-enabled financial crime. It demonstrates the increasing ability of international law enforcement to track, disrupt, and dismantle sophisticated cybercriminal networks by coordinating global enforcement actions, leveraging advanced digital forensics, and cutting off the financial resources that sustain these operations.
